我想分发加密邮件,只有我可以加密,但每个人都可以解密。我正在使用以下代码来执行任务。它有效,但我想知道它是否有任何安全问题?
我知道正常使用是使用RSA公钥加密和私钥解密(但我的用例是相反的)。此外,我不想在这里使用java.security.Signature。
用例: 我想通过电子邮件将配置文件从服务器发送到客户端,而收件人无法以明文形式读取配置。安装过程中具有服务器公钥的应用程序将能够在配置文件导入配置目录后对其进行解密。
public static final String ALGORITHM = "RSA/ECB/PKCS1Padding";
public Cipher createCipher(final int encryptionMode, final Key key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
final Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(encryptionMode, key);
return cipher;
}
public byte[] encryptString(final String text, final PrivateKey privateKey) throws GeneralSecurityException, IOException {
return createCipher(Cipher.ENCRYPT_MODE, privateKey).doFinal(text.getBytes("UTF-8"));
}
public String decryptString(final byte[] msg, final PublicKey publicKey) throws GeneralSecurityException, IOException {
final byte[] decrypted = createCipher(Cipher.DECRYPT_MODE, publicKey).doFinal(msg);
return new String(decrypted, "UTF-8");
}
// me
final PrivateKey privateKey = ... read from file ...
final byte[] msg = encryptString("my-secret-text-that-everybody-can-read-but-only-I-can-generate", privateKey);
// other person
final PublicKey publicKey = ... read from file ...
final String text = decryptString(msg, publicKey));